The fallibility of security questionnaires
The problem with the security questionnaire... is that every one of you who has been on either side of these just groaned (at least on the inside!).
Why Third-Party Risk Management Can't Be Ignored
Fewer than half of companies have established third-party risk management programs, yet more than half have experienced third-party related breaches in the last year.
Always Verify Identity: Good habits for staying secure.
Whatever the situation, if you do not know that the person asking you to send money, grant them access to a sensitive account, or share sensitive information is legitimately who they say they are, verify their identity.
Streamline Sales and Build Trust with Transparency
To streamline sales and build trust, I recommend a proactive approach by processors. Provide customers (controllers) with information regarding GDPR compliance applicable to data transfer impact and data privacy impact assessments.
SOC 2 Reports are Report Cards, Not Certifications
Here's my quick guide to SOC 2 reports. Nothing new here, but if you're being handed a third party risk hat or are new to GRC, I hope this helps!